fix: Use REGISTRY_TOKEN for GitHub OIDC signing

This commit is contained in:
Gerald Pinder 2024-02-19 13:48:08 -05:00
parent ca6cd80088
commit b087474cf2


@ -593,7 +593,7 @@ fn sign_images(image_name: &str, tag: Option<&str>) -> Result<()> {
env::var("CI_SERVER_PROTOCOL"),
env::var("CI_SERVER_HOST"),
env::var("SIGSTORE_ID_TOKEN"),
env::var("GITHUB_TOKEN"),
env::var("REGISTRY_TOKEN"),
env::var("GITHUB_EVENT_NAME"),
env::var("GITHUB_REF_NAME"),
env::var("GITHUB_WORKFLOW_REF"),
@ -658,7 +658,7 @@ fn sign_images(image_name: &str, tag: Option<&str>) -> Result<()> {
_,
_,
_,
Ok(_),
Ok(registry_token),
Ok(github_event_name),
Ok(github_ref_name),
Ok(github_worflow_ref),
@ -668,6 +668,8 @@ fn sign_images(image_name: &str, tag: Option<&str>) -> Result<()> {
{
trace!("GITHUB_EVENT_NAME={github_event_name}, GITHUB_REF_NAME={github_ref_name}, GITHUB_WORKFLOW_REF={github_worflow_ref}");
env::set_var("GITHUB_TOKEN", registry_token);
debug!("On {github_ref_name} branch");
info!("Signing image {image_digest}");
@ -697,9 +699,21 @@ fn sign_images(image_name: &str, tag: Option<&str>) -> Result<()> {
bail!("Failed to verify image!");
}
}
(_, _, _, _, _, _, _, Ok(github_event_name), Ok(github_ref_name), _, Ok(_))
if github_event_name != "pull_request"
&& (github_ref_name == "live" || github_ref_name == "main") =>
(
_,
_,
_,
_,
_,
_,
_,
Ok(github_event_name),
Ok(github_ref_name),
_,
Ok(cosign_private_key),
) if github_event_name != "pull_request"
&& (github_ref_name == "live" || github_ref_name == "main")
&& !cosign_private_key.is_empty() =>
{
trace!("GITHUB_EVENT_NAME={github_event_name}, GITHUB_REF_NAME={github_ref_name}");
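Review bot: `env::set_var("GITHUB_TOKEN", registry_token);` in the third hunk (-668,6 +668,8) writes the registry secret into the whole process environment, where it outlives `sign_images` and is inherited by every child process spawned afterwards, not only the signing step; the std docs also warn that `set_var` is not safe in multi-threaded programs on most non-Windows platforms. If the signing step below invokes cosign through `std::process::Command` (not visible in this hunk), scoping the secret to that call with `.env("GITHUB_TOKEN", &registry_token)` keeps the same effect without the process-wide side effect. The new `Ok(registry_token)` binding in the second hunk (-658,7 +658,7) is not guarded against an empty value, unlike the `!cosign_private_key.is_empty()` check the last hunk adds for the private-key arm; unless the arm's guard (between the second and third hunks, not shown) already covers this, `&& !registry_token.is_empty()` would keep the two arms consistent and avoid running the OIDC path with an empty token. `sign_images` starts and ends outside the hunks shown.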